Euro Security logo white
Review of the Qualys study ‘Cyber Risks 2025’ – When technology meets business

July 18, 2025

Cyber Security

Cyber security is on the agenda for 2025 – and pretty high up there. Budgets are increasing, and the topic has reached the boardroom.

But the new Cyber Risk Report from Qualys and Dark Reading reveals an uncomfortable truth: lots of money, little impact. That’s because the crucial factor is often missing – the business context.

The figures speak for themselves: although almost half of the companies surveyed have established a formal risk programme, only 30 per cent align their priorities with specific business objectives. Even more serious: just 14% link cyber risk reports to financial metrics. The result? Security measures fizzle out, ROI fails to materialise – and the risk continues to grow.

The causes are complex. There is, for example, a notorious lack of asset intelligence: only 13% of companies know at any given time what they actually need to protect. The rest rely on Excel and manual effort. Communication is also lacking: finance teams are often left out of the loop, reports are overly technical and fail to reach the actual decision-makers.

But executives don’t want to see CVSS scores anymore; they want answers to key questions:
What will an attack cost us? Which risks are truly critical? And where should we start?

This is exactly where Qualys’ Risk Operations Centre (ROC) comes in – a new model that not only identifies cyber risks, but also translates them into relevant business metrics. With the Enterprise TruRisk Management (ETM) concept, technical details are converted into decisions that make strategic sense. It’s a kind of business GPS for risk management.

Conclusion: The study clearly shows that cybersecurity must make the leap from the technology basement to the business penthouse. If you want to protect your company effectively, you need context – not just tools. The ROC model offers a structured response to an increasingly complex problem.

👉 The full report is available for download here:
Transform Cybersecurity from a Cost Centre to a Business Driver | Qualys, Inc. https://www.qualys.com/forms/whitepapers/state-of-cyber-risk-report-and-roc-promotion/

Related Articles

Commentary: BERLIN – Known risks, familiar words, familiar failures

Jan 7, 2026

The power outage in Berlin since 3 January 2026 is extraordinary in its scale, but remarkably familiar in its causes and political consequences. Five damaged high-voltage cables, tens of thousands of households without electricity and heating, restrictions on mobile...

Commentary: Hesse’s clear stance against left-wing extremism

Jan 7, 2026

In his statement, Hesse's Interior Minister Roman Poseck paints a deliberately clear picture of left-wing extremism as a threat to security. The core of his position is clear: left-wing extremism is not understood as a marginal phenomenon or merely a side issue of...

Positive safety record at Bavaria’s Christmas markets

Jan 4, 2026

Successful protection concepts combining presence, prevention and cooperation At the end of the 2025 Christmas market season, the Bavarian State Ministry of the Interior reports a thoroughly positive safety record. Home Secretary Joachim Herrmann spoke of...

Share This